
Submission Summary: 0 pending, 17 declined, 8 accepted (25 total, 32.00% accepted)

Submission + - New Simjacker attack exploited in the wild to track users for at least two years (zdnet.com)

campuscodi writes: Security researchers have disclosed today a major SMS-based attack method being abused in the real world by a surveillance vendor to track and monitor individuals. "We are quite confident that this exploit has been developed by a specific private company that works with governments to monitor individuals," security researchers from AdaptiveMobile Security said in a report released today. "We believe this vulnerability has been exploited for at least the last 2 years by a highly sophisticated threat actor in multiple countries, primarily for the purposes of surveillance."

The attack, named Simjacker, works by attackers sending SMS messages to victims' phones. The SMS messages contain STK instructions that are run by a victim's SIM card to gather location data and the IMEI code, which is then sent through an SMS message to a logging system. Researchers said they've seen Simjacker being abused to track hundreds of victims for two years, yet it is unclear if the victims are criminals tracked by law enforcement, or dissidents tracked by oppressive regimes. Over one billion smartphone users use SIM cards deemed vulnerable to this attack.

Submission + - IBM Bequeaths the Express Framework to the Node.js Foundation (thenewstack.io)

campuscodi writes: The Node.js Foundation has taken the Express Node.js framework under its wing. Express will be a new incubation project for the Foundation. IBM, which purchased Express maintainer StrongLoop last September, is contributing the code. Part of the reason for allowing the foundation to oversee Express is to build a diverse contributor base, which is important given the framework’s popularity.

Submission + - Microsoft Asks Node.js to Allow ChakraCore (Edge) Alongside Google's V8 Engine

campuscodi writes: Microsoft has submitted an official pull request to the Node.js project, through which it's asking the project's maintainers to enable support for ChakraCore, the JavaScript engine packed inside Microsoft's Edge browser, as an alternative to Node's built-in V8 engine, developed by Google. Earlier in December 2015, Microsoft open-sourced ChakraCore. Microsoft has also been one of the biggest companies to adopt Node.js early on, and is also part of the Node.js Foundation's Board of Directors. The main reason to add ChakraCore support in Node.js is to help the IoT version of Windows 10 run JS apps on IoT devices, just like Samsung is also thinking about.

Submission + - New HTTPS Bicycle Attack Reveals Details About Passwords From Encrypted Traffic (softpedia.com)

campuscodi writes: Dutch security researcher Guido Vranken has published a paper [PDF] in which he details a new attack on TLS/SSL-encrypted traffic, one that can potentially allow attackers to extract some information from HTTPS data streams. Attackers could extract the length of a password from TLS packets, and then use this information to simplify brute-force attacks. The new HTTPS Bicycle Attack can also be used retroactively on HTTPS traffic logged several years ago. Hello NSA!

Submission + - HHVM Beats Stable Version of PHP 7.0 in Recent Benchmark (kinsta.com)

campuscodi writes: PHP7 and HHVM have been exchanging punches for a while via benchmarks. While the PHP supporters were always saying, just wait until the stable version comes out, well... the stable version is out, and a recent benchmark reveals that "HHVM beats PHP7.0 hands down."

Compared on: WordPress, Magento, Drupal8, Laravel, PyroCMS, and October CMS.

Submission + - W3C Sets Up Web Payments Standards Group to Improve Check-Out Security

campuscodi writes: The World Wide Web Consortium (W3C) launched today the Web Payments Working Group to help streamline the online "check-out" process and make payments easier and more secure on the Web. The proposed standards will support a wide array of existing and future payment methods, including debit, credit, mobile payment systems, escrow, and Bitcoin and other distributed ledger technologies. The group estimates that the new payments API will reach browsers by the end of 2017. For more details, you can consult the Web Payments Working Group Charter, and the group's wiki FAQ page.

Submission + - Internet-Connected Kettles Help Researchers Crack WiFi Networks Across London

campuscodi writes: Security researchers at Pen Test Partners have found a security vulnerability in the iKettle Wi-Fi Electric Kettle that allows attackers to crack the password of the WiFi network to which the kettle is connected. Researchers say that using this simple trick and information about iKettles, they drove around London, cracked home WiFi networks, and created a map of insecure WiFi networks across the city. The same researchers cracked a Samsung smart-fridge this summer to disclose Gmail passwords. If you have 6 minutes, there's a YouTube video you can watch.
